Distributed Password cracking attempts detected by Sentinel

directorcia Azure, Microsoft 365 January 10, 2025 1 Minute

Over the past couple of days I’ve inundated with failed logins from locations all around the world. You can see a partial list of the those IPs reported in Sentinel above.

But, for the first time I also found this alert had triggered an incident in Sentinel – Distributed Password cracking attempts in Microsoft Entra ID, as seen above.

Here is the list and locations so far:

IP Address	Origin (Country)	Potential Organization (if identifiable)
31.141.37.30	Russia	Provider: Rostelecom
38.222.57.97	United States	Comcast Cable Communications
190.99.43.237	Argentina	Telecom Argentina
187.55.129.25	Brazil	Vivo (Telefônica Brasil)
186.77.198.100	Brazil	Oi S.A.
24.152.24.225	United States	Cox Communications
102.212.239.10	Uganda	Uganda Telecom
131.161.44.200	United States	Microsoft Corporation
177.222.169.132	Brazil	TIM Brasil
31.155.228.215	Romania	UPC Romania
168.228.92.190	Brazil	NET Virtua
186.235.247.106	Brazil	Oi S.A.
177.124.90.249	Brazil	Vivo (Telefônica Brasil)
189.84.180.196	Brazil	Oi S.A.
190.89.30.3	Brazil	Vivo (Telefônica Brasil)
201.77.175.53	Brazil	Oi S.A.
206.0.9.157	United States	Comcast Cable Communications
138.0.25.140	Brazil	Oi S.A.
176.29.230.49	Ukraine	Ukrtelecom
191.99.34.144	Brazil	Claro Brasil
87.116.135.139	France	Orange S.A.
170.82.15.6	Brazil	Claro Brasil
84.54.71.37	Spain	Telefónica
170.231.164.96	Brazil	Oi S.A.
45.231.208.166	Mexico	Megacable
190.14.176.31	Colombia	ETB (Empresa de Telecomunicaciones de Bogotá)
85.106.118.20	Italy	TIM (Telecom Italia)
191.189.9.96	Brazil	Claro Brasil
152.249.19.25	Argentina	Telecom Argentina
189.34.199.125	Brazil	Vivo (Telefônica Brasil)
41.225.129.174	Nigeria	MTN Nigeria
85.96.249.52	Italy	Vodafone Italia
197.26.214.34	South Africa	MTN South Africa
187.183.41.6	Brazil	Claro Brasil
177.126.234.232	Brazil	Vivo (Telefônica Brasil)
149.86.137.85	United States	AT&T

Always nice to have Sentinel on the job letting me know what’s going on!

Published by directorcia

View all posts by directorcia

Published January 10, 2025

Leave a comment Cancel reply